CVE-2025-2425
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-22
Assigner: ESET
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eset | smart_security_premium | 18.1.13.0 |
| eset | security_ultimate | 18.1.13.0 |
| eset | safe_server | 18.1.13.0 |
| eset | nod32_antivirus | 18.1.13.0 |
| eset | small_business_security | 18.1.13.0 |
| eset | security_for_microsoft_sharepoint_server | 12.0.15004.0 |
| eset | endpoint_antivirus | 12.0.2049.0 |
| eset | endpoint_security | 12.0.2049.0 |
| eset | server_security | 12.0.12004.0 |
| eset | internet_security | 18.1.13.0 |
| eset | mail_security | 12.0.10003.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-2425 is a time-of-check to time-of-use (TOCTOU) race condition vulnerability in multiple ESET security products on Windows. It allows an attacker to exploit NTFS file system properties to trick the ESET software into clearing the contents of an arbitrary file by swapping file handles between detection and clearing phases when files with duplicate names are involved. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with local access and low privileges, requiring user interaction, to clear the contents of arbitrary files on your system. This can lead to data loss or corruption, affecting the integrity of your files, although it does not impact confidentiality or availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying the installed ESET product versions on Windows systems to identify if they are at or below the vulnerable versions listed. Since the vulnerability is local and requires user interaction, network detection is limited. You can check the installed ESET product version using Windows command line commands such as 'wmic product where "name like '%ESET%'" get name, version' or by reviewing the product version in the ESET software interface. There are no specific commands provided to detect exploitation attempts or the race condition itself. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade all affected ESET security products on Windows to the fixed versions released by ESET. For most products, this means upgrading to version 18.2.14.0 or later, or the corresponding later versions for other affected products. Users should obtain these updates from official ESET channels to prevent exploitation of the vulnerability. [1]